WordPress Glossary plugin <= 2.2.38 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Glossary versions = 2.2.38...

CVE-2024-6570

The Glossary plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.26. This is due the plugin utilizing wpdesk and not preventing direct access to the test files along with displayerrors being enabled. This makes it possible for unauthenticated...

WordPress Glossary by WPPedia plugin <= 1.3.0 - Authenticated (Administrator+) PHP Object Injection vulnerability

Authenticated Administrator+ PHP Object Injection vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Glossary by WPPedia versions = 1.3.0...

CVE-2022-41831

Auth. contributor+ Cross-Site Scripting vulnerability in TCBarrett WP Glossary plugin = 3.1.2 versions...

CVE-2022-41831 WordPress Glossary Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Cross-Site Scripting vulnerability in TCBarrett WP Glossary plugin = 3.1.2 versions...

WordPress Glossary Plugin <= 2.1.27 is vulnerable to Cross Site Scripting (XSS)

Software Glossary Type Plugin Vulnerable versions = 2.1.27 Fixed in 2.1.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24378 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7470ca4b443e Credits Rafshanzani Suhada Required...